How to set and check for cookies in WordPress

Cookies are little pieces of information that websites can store on your computer for reference later. For example, WordPress uses cookies to store your login session, so that you don’t have to log in every time you go to a protected page.

They can also be used for much simpler tasks, such as storing information about when a user has completed a form. In the example below, I’m going to show how to set a cookie in the user’s browser when they fill out a Gravity Form.

Setting a cookie

Gravity Forms has an action hook called gform_after_submission, which fires after a form has been submitted and committed to the database. We’re going to use that action hook to set the cookie, so that we know when a user has submitted the form. gform_after_submission can have a number appended to it to apply to a specific form, so in this case, I’m targeting the form with an ID of 1. This belongs in your functionality plugin:

The setcookie function is a PHP function, and the parameters in the function above are as follows:

form-1-complete – the cookie name. This is a descriptive name that you will reference when checking for the cookie, as you’ll see below.

1 – this is the value of the cookie. I’m setting it as a 1 to notate that the form has been completed (as opposed to a 0).

strtotime( ‘+30 days’ ) – this is how long the cookie will be stored. Using strtotime allows you to set a time relative to when the function runs, as opposed to a fixed time, such as Dec 31, 2020. So in this example, the cookie will expire 30 days after the user completes the form.

The other four parameters you shouldn’t have to worry about, unless you want to specify whether the cookie should be available on HTTP or HTTPS exclusively.

Now every time form 1 is filled out, a cookie with the name form-1-complete and a value of 1 will be set in the user’s browser and it will expire in 30 days.

This is just an example of how to set a cookie, but you could apply to many more situations by tapping into the appropriate action hook.

Checking for a cookie

Now that you’re able to set cookies at will, you’re going to want to use them to perform an action at an appropriate point, perhaps to display a notice, or to provide access to previously restricted material.

To check whether a cookie is set in the user’s browser, we can look whether $_COOKIE[‘form-1-complete’] is set. Note that form-1-complete is the cookie name we specified above.

In the example below, I’ve combined checking for the cookie with a couple of other checks to hide premium content, unless all checks are met. So, if the post has a meta_key of ‘protected’ set to ‘yes’ (so that standard content won’t be affected), the user isn’t logged in (so that admins can always see the content) and the cookie ‘form-1-complete’ isn’t set (the form has not been filled out), then the user will have the content hidden from them, and a message displayed instead, indicating that they need to fill out the form. Otherwise, if any of those variables aren’t met (for example, if the user has filled out the form, meaning that the cookie form-1-complete is set and the user is a subscriber to your newsletter), then the content will be shown without restriction.

This is a powerful tool when you don’t want to rely on adding the information to the user’s profile (so that visitors are accounted for as well) to store information about a user and then use it to perform an action of some sort.

Of course, it’s not without limitations: cookies can be deleted and some users don’t even allow cookies to be set in their browsers. Then there’s also the EU (and maybe other jurisdcitions) cookie law that needs to be conformed to. So, consider this a tool in your belt that will work in some instances, but not in others.

7 thoughts on “How to set and check for cookies in WordPress”

Hi Dave,
Thanks for the post! I’m trying to modify a plugin to use a session and a cookie so I can set the cookie to expire at a given timeframe. The plugin originally uses sessions, but I would like to be able to set and expiration and keep the session incase the users have cookies disabled. Would you be willing to take a look at the following code and see it makes sense. This may be way off, I’m still learning PHP.

If I understand correctly, this kind of protection still leaves the posts visible in the archives, and just protects the content.
What if, for example, one wanted to COMPLETELY hide posts using this “cookie-technique”?

What I’d like to achieve, basically, is replicating the behavior of “private” posts… except that I don’t want to make them really private. I need to be able to use the “private” post status for other things… like private content, for instance. :P

The readers, in my scenario, should be totally unaware of the very existence of the protected posts, until the cookie is set.
What code should I use?

I’m building a site with this exact feature for personal use (a game with friends – I don’t want to bother anyone with the details but feel free to ask), and I’m getting this chance to learn something.

I have an understanding of php and js of course, but at this point, I’m at a loss.
“pre_get_posts” seems the way to do it, but I’m really not sure about the details.

If you feel like helping, I’d be more than happy! :)
I could probably figure this out, but I should mess around with code for a few days, probably.
I mean a few more; it’s been a while already since I started. :D

Oh, and sorry if I made mistakes, English is not my native language.
Regards
Max

Wish your site was as fast as this?

Do It With WordPress is proudly hosted by WP Engine, the very best WordPress hosting that money can buy.

Aside from being blazing fast, it's very secure, has a staging area to test changes before making them live, automated daily backups, malware scanning, stellar support from WordPress experts... It's just everything that you would want from your host, and more.